SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
FRET-qemu/hw
History
Gerd Hoffmann b946434f26 usb: fix setup_len init (CVE-2020-14364) 
Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.

This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20200825053636.29648-1-kraxel@redhat.com
2020-08-31 08:23:39 +02:00
..
9pfs
9pfs: Fix severe performance issue of Treaddir requests.
2020-08-24 16:39:53 +01:00
acpi
Introduce a new flag for i440fx to disable PCI hotplug on the root bus
2020-08-27 08:29:08 -04:00
adc
meson: convert hw/adc
2020-08-21 06:30:32 -04:00
alpha
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
arm
target-arm queue:
2020-08-28 15:14:40 +01:00
audio
meson: convert hw/audio
2020-08-21 06:30:32 -04:00
avr
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
block
Machine queue + QOM fixes and cleanups
2020-08-28 11:05:08 +01:00
char
sclpconsole: Use TYPE_* constants
2020-08-27 14:21:48 -04:00
core
target-arm queue:
2020-08-28 15:14:40 +01:00
cpu
hw/cpu/a9mpcore: Verify the machine use Cortex-A9 cores
2020-08-24 10:01:40 +01:00
cris
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
display
nubus: Rename class type checking macros
2020-08-27 14:04:55 -04:00
dma
i8257: Move QOM macro to header
2020-08-27 14:04:54 -04:00
gpio
meson: convert hw/gpio
2020-08-21 06:30:31 -04:00
hppa
artist out of bounds fixes
2020-08-26 22:23:53 +01:00
hyperv
vmbus: Move QOM macros to vmbus.h
2020-08-27 14:04:54 -04:00
i2c
meson: convert hw/i2c
2020-08-21 06:30:30 -04:00
i386
Machine queue + QOM fixes and cleanups
2020-08-28 11:05:08 +01:00
ide
ahci: Move QOM macro to header
2020-08-27 14:04:54 -04:00
input
pckbd: Move QOM macro to header
2020-08-27 14:04:54 -04:00
intc
nios2_iic: Use TYPE_ALTERA_IIC constant
2020-08-27 14:21:48 -04:00
ipack
meson: convert hw/ipack
2020-08-21 06:30:30 -04:00
ipmi
meson: convert hw/ipmi
2020-08-21 06:30:29 -04:00
isa
piix: Move QOM macros to header
2020-08-27 14:04:55 -04:00
lm32
hw/sd/milkymist: Do not create SD card within the SD host controller
2020-08-21 16:22:43 +02:00
m68k
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
mem
meson: convert hw/mem
2020-08-21 06:30:26 -04:00
microblaze
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
mips
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
misc
target-arm queue:
2020-08-28 15:14:40 +01:00
moxie
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
net
target-arm queue:
2020-08-28 15:14:40 +01:00
nios2
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
nubus
meson: convert hw/nubus
2020-08-21 06:30:25 -04:00
nvram
ppc patch queue 2020-08-18
2020-08-24 09:35:21 +01:00
openrisc
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
pci
meson: convert hw/pci
2020-08-21 06:30:28 -04:00
pci-bridge
meson: convert hw/pci-bridge
2020-08-21 06:30:28 -04:00
pci-host
ppce500: Use TYPE_PPC_E500_PCI_BRIDGE constant
2020-08-27 14:21:48 -04:00
pcmcia
pxa2xx: Move QOM macros to header
2020-08-27 14:04:55 -04:00
ppc
ppc patch queue 2020-08-18
2020-08-24 09:35:21 +01:00
rdma
meson: convert hw/rdma
2020-08-21 06:30:29 -04:00
riscv
opentitan: Rename memmap enum constants
2020-08-27 14:04:54 -04:00
rtc
meson: convert hw/rtc
2020-08-21 06:30:27 -04:00
rx
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
s390x
s390-virtio-ccw: Rename S390_MACHINE_CLASS macro
2020-08-27 14:04:55 -04:00
scsi
Machine queue + QOM fixes and cleanups
2020-08-28 11:05:08 +01:00
sd
target-arm queue:
2020-08-28 15:14:40 +01:00
semihosting
meson: convert hw/semihosting
2020-08-21 06:30:25 -04:00
sh4
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
smbios
hw/smbios: add options for type 4 max-speed and current-speed
2020-08-27 08:29:13 -04:00
sparc
ppc patch queue 2020-08-18
2020-08-24 09:35:21 +01:00
sparc64
ppc patch queue 2020-08-18
2020-08-24 09:35:21 +01:00
ssi
meson: convert hw/ssi
2020-08-21 06:30:27 -04:00
timer
meson: convert hw/timer
2020-08-21 06:30:27 -04:00
tpm
meson: convert hw/tpm
2020-08-21 06:30:27 -04:00
tricore
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
unicore32
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
usb
usb: fix setup_len init (CVE-2020-14364)
2020-08-31 08:23:39 +02:00
vfio
vfio/pci: Move QOM macros to header
2020-08-27 14:04:55 -04:00
virtio
vhost-user-blk-pci: default num_queues to -smp N
2020-08-27 08:29:13 -04:00
watchdog
meson: convert hw/watchdog
2020-08-21 06:30:26 -04:00
xen
meson: convert hw/xen
2020-08-21 06:30:24 -04:00
xenpv
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00
xtensa
target/xtensa: implement NMI support
2020-08-21 12:48:14 -07:00
Kconfig
hw/avr: Add limited support for some Arduino boards
2020-07-11 11:02:05 +02:00
meson.build
meson: convert hw/arch*
2020-08-21 06:30:33 -04:00